-
Notifications
You must be signed in to change notification settings - Fork 2
123 lines (111 loc) · 5.02 KB
/
multi-approvers.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
# Copyright 2025 The Authors (see AUTHORS file)
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
name: 'multi-approvers'
on:
workflow_call:
inputs:
# Path to a JSON file containing the members of the org. This should be
# the full path that should work with the https://raw.githubusercontent.com/ prefix.
# See the README for more.
org-members-path:
required: true
type: 'string'
multi-approvers-js-url:
description: 'The URL to multi-approvers.js. This should typically not need to be set.'
type: 'string'
default: 'https://raw.githubusercontent.com/abcxyz/actions/main/.github/workflows/multi-approvers.js'
permissions:
actions: 'write'
contents: 'read'
pull-requests: 'read'
jobs:
multi-approvers:
if: |-
contains(fromJSON('["pull_request", "pull_request_review"]'), github.event_name)
runs-on: 'ubuntu-latest'
steps:
- name: 'Download members.json'
id: 'download-members-json'
run: |-
MEMBERS_JSON="${RUNNER_TEMP}/${GITHUB_SHA:0:7}.members.json"
# Download the file, passing in authentication to get a higher rate
# limit: https://docs.github.com/en/rest/overview/resources-in-the-rest-api?apiVersion=2022-11-28#rate-limits-for-requests-from-github-actions
curl "https://raw.githubusercontent.com/${{ inputs.org-members-path }}" \
--silent \
--fail \
--location \
--header "Authorization: Token ${{ github.token }}" \
--output "${MEMBERS_JSON}"
# Save the result to an output.
echo "::notice::Downloaded members.json to ${MEMBERS_JSON}"
echo "output-file=${MEMBERS_JSON}" >> "${GITHUB_OUTPUT}"
- name: 'Download multi-approvers.js'
id: 'download-multi-approvers-js'
run: |-
MULTI_APPROVERS_JS="${RUNNER_TEMP}/${GITHUB_SHA:0:7}.multi-approvers.js"
# Download the file, passing in authentication to get a higher rate
# limit: https://docs.github.com/en/rest/overview/resources-in-the-rest-api?apiVersion=2022-11-28#rate-limits-for-requests-from-github-actions
curl "${{ inputs.multi-approvers-js-url }}" \
--silent \
--fail \
--location \
--header "Authorization: Token ${{ github.token }}" \
--output "${MULTI_APPROVERS_JS}"
# Save the result to an output.
echo "::notice::Downloaded multi-approvers.js to ${MULTI_APPROVERS_JS}"
echo "output-file=${MULTI_APPROVERS_JS}" >> "${GITHUB_OUTPUT}"
- name: 'Check approver requirements'
uses: 'actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea' # ratchet:actions/github-script@v7
with:
retries: 3
script: |-
const orgMembersPath = '${{ steps.download-members-json.outputs.output-file }}';
// Warning: this should not be quoted, otherwise comparisons will not work in JS.
const prNumber = ${{ github.event.pull_request.number }}
const repoName = '${{ github.event.repository.name }}'
const repoOwner = '${{ github.event.repository.owner.login }}'
const {onPullRequest} = require('${{ steps.download-multi-approvers-js.outputs.output-file }}');
await onPullRequest({
orgMembersPath,
prNumber,
repoName,
repoOwner,
github,
core,
});
- name: 'Re-run approver checks'
if: |-
github.event_name == 'pull_request_review'
uses: 'actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea' # ratchet:actions/github-script@v7
env:
branch: '${{ github.event.pull_request.head.ref }}'
repoName: '${{ github.event.repository.name }}'
repoOwner: '${{ github.event.repository.owner.login }}'
workflowRef: '${{ github.workflow_ref }}'
with:
retries: 3
script: |-
const {branch, repoName, repoOwner, workflowRef} = process.env
// Warning: this should not be quoted, otherwise comparisons will not work in JS.
const prNumber = ${{ github.event.pull_request.number }}
const {onPullRequestReview} = require('${{ steps.download-multi-approvers-js.outputs.output-file }}');
await onPullRequestReview({
branch,
prNumber,
repoName,
repoOwner,
workflowRef,
github,
core,
});